Name | TEMP-0000000-F41FA7 |
Description | DoS |
Source | Automatically generated temporary name. Not for external reference. |
Vulnerable and fixed packages
The table below lists information on source packages.
Source Package | Release | Version | Status |
---|---|---|---|
libemail-address-perl (PTS) | jessie | 1.905-2 | vulnerable |
| stretch | 1.908-1+deb9u1 | fixed |
| buster, bullseye | 1.912-1 | fixed |
| sid, trixie, bookworm | 1.913-1 | fixed |
The information below is based on the following data on fixed versions.
Notes
[jessie] - libemail-address-perl <ignored> (Minor issue vs. usability impact of module)
[wheezy] - libemail-address-perl <ignored> (Minor issue vs. usability impact of module)
workaround entry for DLA-320-1 until/if CVE assigned
As a mitigation for the denial of service issue, 1.908 sets the default
value for nestable comments to depth level 1.
https://github.com/rjbs/Email-Address/commit/3056b7da4fffbce9ad92f9799fffc587ab40303d
No CVE will be assigned for behaviour change between 1.907 and 1.908
See CVE-2015-7686 for the underlying CWE-407 ("Algorithmic Complexity")
issue still present in 1.908
https://www.openwall.com/lists/oss-security/2015/10/02/13